Deprecation

IG logs a warning message each time it evaluates a call to a deprecated function. Under high loads, logging high numbers of messages can reduce performance. Consider the impact on performance if you decide to continue to use deprecated functions in your deployment.

Deprecation is defined in ForgeRock Product Stability Labels.

Deprecated Functionality in IG 7.1.2

The following additional properties are deprecated in this release:

Object Deprecated Settings Replacement Settings

Object	Deprecated Settings	Replacement Settings
Functions	`matches`	Replaced by `matchesWithRegex` or `find`.
`matchingGroups`	Replaced by `findGroups`.

Functions

matches

Replaced by matchesWithRegex or find.

matchingGroups

Replaced by findGroups.

Deprecated Functionality in IG 7.1.1

No additional functionality was deprecated in this release.

Deprecated Functionality in IG 7.1

The following features and properties are deprecated:

Delivery of IG war file

The delivery of a .war file is deprecated in this release and may be removed in the next release.

Methods to read or set query and form parameters

The request.form method used in scripts to read or set query and form parameters is deprecated. Use the following methods instead:

Request.getQueryParams() to read query parameters.
Entity.getForm() to read form parameters.
Entity.setForm() to set form parameters.

LdapClient class and 'ldap' script binding

The LdapClient class and the ldap script binding are deprecated.

Object Deprecated Settings Replacement Settings

Object	Deprecated Settings	Replacement Settings
AmService	`password`	Replaced by `passwordSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
AuditService	`event-handlers`	Replaced by `eventHandlers`.
CapturedUserPasswordFilter	`key`	Replaced by `keySecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
ClientHandler	`proxy` subproperty `password`	Replaced by `passwordSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
`keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.
`websocket` subproperties: `keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.
ClientRegistration	`keystore` `privateKeyJwtAlias` `privateKeyJwtPassword`	Replaced by `privateKeyJwtSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
`name`, when used to identify a `registration`	Replaced by `clientId`. For information, see ClientRegistration, and the example route in Use Multiple OpenID Connect Providers.
`clientSecret`	Replaced by `clientSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
CorsFilter	`origins`	Replaced by `acceptedOrigins`. For information, see CorsFilter.
CryptoHeaderFilter	Whole object	Not replaced. For information, see CryptoHeaderFilter.
DesKeyGenHandler	Whole object	Not replaced. For information, see DesKeyGenHandler.
ElasticsearchAuditEventHandler	Whole object	Not replaced.
JwtBuilderFilter	`signature` subproperties: `keystore` `alias` `password`	Replaced by `signature` property `secretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
JwtSession	`encryptionSecretId` and `signatureSecretId`	Replaced by `authenticatedEncryptionSecretId` and `encryptionMethod`.
`cookieName` and `cookieDomain`	Replaced by `cookie`, and its subproperties `name`, `domain`, `path`, `secure`, `httpOnly`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
`password`	Replaced by `passwordSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
Combination of `password`, `alias`, and `keystore` Combination of `passwordSecretId`, `alias`, and `keystore`	Replaced by `encryptionSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
`sharedSecret`	Replaced by `signatureSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
KeyManager	`password`	Replaced by `passwordSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
KeyStore	`password`	Replaced by `passwordSecretId`. If the deprecated and replacement properties are both provided, the replacement property takes precedence.
OpenAmAccessTokenResolver	Whole object	Not replaced. For information, see OpenAmAccessTokenResolver.
ReverseProxyHandler	`keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.
`websocket` subproperties: `keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.
Route	`monitor`	Replaced by the Prometheus Scrape Endpoint and Common REST Monitoring Endpoint. For information, see Monitoring Endpoints.
SingleSignOnFilter	`logoutEndpoint`	Replaced by `logoutExpression`.
SplunkAuditEventHandler	Whole object	Not replaced.
SqlAttributesFilter	`dataSource` as a JNDI lookup name	Replaced by `dataSource` as a `JdbcDataSource` configuration object.
StatelessAccessTokenResolver	`signatureSecretId`	Replaced by `verificationSecretId`.
`encryptionSecretId`	Replaced by `decryptionSecretId`.
UserProfileFilter	`ssoToken`	Replaced by `username` in UserProfileFilter.
`amService` and `profileAttributes`	Replaced `amService` and `profileAttributes`, as sub-properties of `userProfileService`
The environment variable and system property that define the file system directory for configuration files.	`OPENIG_BASE` and `openig.base`	Replaced by `IG_INSTANCE_DIR` and `ig.instance.dir`. If neither the deprecated setting nor the replacement setting are provided, configuration files are in the default directory `$HOME/.openig` (on Windows, `appdata\OpenIG`). If the deprecated setting and the replacement setting are both provided, the replacement setting is used.

AmService

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

AuditService

event-handlers

Replaced by eventHandlers.

CapturedUserPasswordFilter

key

Replaced by keySecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

ClientHandler

proxy subproperty password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

websocket subproperties:

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

ClientRegistration

keystore
privateKeyJwtAlias
privateKeyJwtPassword

Replaced by privateKeyJwtSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

name, when used to identify a registration

Replaced by clientId. For information, see ClientRegistration, and the example route in Use Multiple OpenID Connect Providers.

clientSecret

Replaced by clientSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

CorsFilter

origins

Replaced by acceptedOrigins. For information, see CorsFilter.

CryptoHeaderFilter

Whole object

Not replaced. For information, see CryptoHeaderFilter.

DesKeyGenHandler

Whole object

Not replaced. For information, see DesKeyGenHandler.

ElasticsearchAuditEventHandler

Whole object

Not replaced.

JwtBuilderFilter

signature subproperties:

keystore
alias
password

Replaced by signature property secretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

JwtSession

encryptionSecretId and signatureSecretId

Replaced by authenticatedEncryptionSecretId and encryptionMethod.

cookieName and cookieDomain

Replaced by cookie, and its subproperties name, domain, path, secure, httpOnly.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

Combination of password, alias, and keystore Combination of passwordSecretId, alias, and keystore

Replaced by encryptionSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

sharedSecret

Replaced by signatureSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyManager

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyStore

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

OpenAmAccessTokenResolver

Whole object

Not replaced. For information, see OpenAmAccessTokenResolver.

ReverseProxyHandler

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

websocket subproperties:

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

Route

monitor

Replaced by the Prometheus Scrape Endpoint and Common REST Monitoring Endpoint. For information, see Monitoring Endpoints.

SingleSignOnFilter

logoutEndpoint

Replaced by logoutExpression.

SplunkAuditEventHandler

Whole object

Not replaced.

SqlAttributesFilter

dataSource as a JNDI lookup name

Replaced by dataSource as a JdbcDataSource configuration object.

StatelessAccessTokenResolver

signatureSecretId

Replaced by verificationSecretId.

encryptionSecretId

Replaced by decryptionSecretId.

UserProfileFilter

ssoToken

Replaced by username in UserProfileFilter.

amService and profileAttributes

Replaced amService and profileAttributes, as sub-properties of userProfileService

The environment variable and system property that define the file system directory for configuration files.

OPENIG_BASE and openig.base

Replaced by IG_INSTANCE_DIR and ig.instance.dir.

If neither the deprecated setting nor the replacement setting are provided, configuration files are in the default directory $HOME/.openig (on Windows, appdata\OpenIG).

If the deprecated setting and the replacement setting are both provided, the replacement setting is used.